server accepting JSON in POST - how to secure/validate? - nodejs

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

nodejs

Home

Discussions

+ new post

About this group

Join this group

Message from discussion server accepting JSON in POST - how to secure/validate?

Bradley Meck

View profile

More options Jan 19 2012, 3:13 pm

From: Bradley Meck <bradley.m...@gmail.com>

Date: Thu, 19 Jan 2012 12:13:45 -0800 (PST)

Local: Thurs, Jan 19 2012 3:13 pm

Subject: Re: [nodejs] Re: server accepting JSON in POST - how to secure/validate?

Print | View thread | Show original | Report this message | Find messages by this author

JSON.parse will remove functions, but not save you from things such as :
"{hasOwnProperty:null,toString:0,valueOf:"_"}"

JSON.parse(str).hasOwnProperty(...) toString(...) etc. will throw an error

Also a real nightmare starts to show up when you have "{"key":1}" and
"{"key":"1"}" and you naively use an object as a hash.

var cache = {}
function update(str) {
var updatedObj = JSON.parse(str)
var objs = [{key:...}] // gotten from some API call
var isNewObject = objs.every(function(existingObj) {
existingObj.key !== updatedObj.key
})
if (isNewObject) {
cache[key] = updatedObj
}
else {
cache[key] = mergeAndUpdate(cache[key], updatedObject)
}

}

In this case "1" !== 1 and so the updated object when attached to the cache
will completely replace instead of updating and merging with the existing
object.

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy

Account Options